[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] [RAQ3] Problems with SSL and MSIE (a workaround)
- Subject: [cobalt-users] [RAQ3] Problems with SSL and MSIE (a workaround)
- From: Sales - Way to the Web <sales@xxxxxxxxxxxxxxx>
- Date: Wed Nov 1 09:34:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hello,
There's been an ongoing thread over the last year WRT intermittent problems
that people see with SSL on the RaQ3's and Microsoft Internet Explorer.
I've been looking into this issue for this time off and on and have finally
(finally!) found a solution.
The Problem
===========
Many people using CGI scripts running through the SSL server have found
weird unrelated errors appearing when using MSIE (not Netscape or Opera
BTW), like:
I/O Errors
Insecure Item Errors
DNS Errors
The Real Problem
================
<sarcasm>Surprisingly</sarcasm>, MS IE has many small smelly bugs in it in
areas that the other browsers mentioned do not.
After much hacking, testing, scripting, tears and tantrums, (and internet
searching), I finally found a technical reference and workaround for the
problem at:
http://www.modssl.org/docs/2.6/ssl_faq.html#io-ie
The Solution
============
Using the information from the article above, if you have users experiencing
this problem (we do with different CGI scripts running through SSL), here's
the modification we made:
Change the following block of code in /etc/httpd/httpd.conf (large chunk to
help find it)
from:
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile
/home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile
/home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
to:
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
$PerlConfig .= " nokeepalive ssl-unclean-shutdown
\\n";
$PerlConfig .= " downgrade-1.0 force-response-1.0\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile
/home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile
/home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
Restart Apache.
Conclusion
==========
Since doing this we have had NO reports of problems (e.g. one of our
customers was having continuous problems with a CGI scripting running
through SSL and using MSIE and now he's a happy chappy).
I don't know if it would be wise to ask Cobalt to implement this workaround
into the base code since it is catering for a bug in MSIE. But since MSIE
usage these days is around 75% of all web users, maybe they could?
Regards,
Jonathan Michaelson
Way to the Web Ltd
Commercial CGI Scripting, Web Hosting
http://www.waytotheweb.com